fix: review comments batch 1

2026-05-07 04:48:12 +00:00 · 2026-05-05 18:43:22 +03:00
parent f3965a7470
commit d47e4d3d79
10 changed files with 131 additions and 88 deletions
@@ -70,20 +70,18 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		if err == nil {
 			userContext, cookie, err := m.cookieAuth(c.Request.Context(), uuid)

-			if err != nil {
-				tlog.App.Error().Msgf("Error authenticating session cookie: %v", err)
+			if err == nil {
+				if cookie != nil {
+					http.SetCookie(c.Writer, cookie)
+				}
+
+				tlog.App.Trace().Msgf("Authenticated user from session cookie: %s", userContext.GetUsername())
+				c.Set("context", userContext)
 				c.Next()
 				return
+			} else {
+				tlog.App.Error().Msgf("Error authenticating session cookie: %v", err)
 			}
-
-			if cookie != nil {
-				http.SetCookie(c.Writer, cookie)
-			}
-
-			tlog.App.Trace().Msgf("Authenticated user from session cookie: %s", userContext.GetUsername())
-			c.Set("context", userContext)
-			c.Next()
-			return
 		}

 		username, password, ok := c.Request.BasicAuth()
@@ -253,6 +253,18 @@ func TestContextMiddleware(t *testing.T) {
 				req.Header.Set("Authorization", basicAuthHeader("totpuser", "password"))
 				userCtx, _ := args.do(req)

+				require.NotNil(t, userCtx)
+				assert.Equal(t, "testuser", userCtx.GetUsername())
+				assert.True(t, userCtx.Authenticated)
+			},
+		},
+		{
+			description: "Ensure fallback to basic auth when cookie is missing",
+			run: func(t *testing.T, args runArgs) {
+				req := httptest.NewRequest("GET", "/api/test", nil)
+				req.Header.Set("Authorization", basicAuthHeader("testuser", "password"))
+				userCtx, _ := args.do(req)
+
 				require.NotNil(t, userCtx)
 				assert.Equal(t, "testuser", userCtx.GetUsername())
 				assert.True(t, userCtx.Authenticated)